'No permission to access data')); }

    /* table connections */
    if (substr($_SERVER["SCRIPT_FILENAME"],-25) == '/ricoUpdateConnection.php' && !empty($_GET['id']) && substr($_GET['id'],0,5) == 'grid_') {
        if (check_permissions(substr($_GET['id'],5))) return true;
        else format_ajax(array('error' => 'No permission to access data'));
    }

    /* ajax calls */
    if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' && !empty($_POST['source'])) {
        if (check_permissions($_POST['source'])) return true;
        else format_ajax(array('error' => 'No permission to access data'));
    }

    /*
     * NOTE(review): this is a fail-open default. Any request that matches none
     * of the script/parameter patterns above is allowed. It is also reached
     * after a denied branch unless format_ajax() terminates the script, and
     * format_ajax() is not shown here -- confirm that it exits.
     */
    return true;
}

/**
 * Replace every occurrence of './' in $file with 'x' and return the result.
 *
 * Because '../' contains './', a string such as '../a' becomes '.xa'.
 *
 * NOTE(review): this is a denylist of a single two-character sequence.
 * Backslashes, NUL bytes and every other character pass through unchanged.
 * When the value is used to build an include path (see load_mask), an
 * allowlist is the safer contract, e.g. accepting only names that match
 * /^[A-Za-z0-9_-]+$/, optionally followed by a realpath() check that the
 * resolved file is still inside the intended directory.
 *
 * @param string $file Candidate file name fragment.
 * @return string The fragment with './' sequences replaced.
 */
function sanitise_filename($file) {
    return str_replace('./','x',$file);
}

/**
 * Include the mask definition file <basedir>masks/<name>.php once.
 *
 * The path is built from $_SESSION['sys']['basedir'], the literal 'masks/',
 * the name after sanitise_filename(), and the '.php' suffix.
 *
 * NOTE(review): the included file is executed as PHP, so $name is a code
 * execution boundary. process() in this file passes $_GET['mask'] to mask()
 * (lib/mask.php, not shown); if that value reaches this function unchanged,
 * the only filter between the request and include_once() is
 * sanitise_filename(). Confirm the call path and prefer an allowlist of
 * known mask names.
 *
 * @param string $name Mask name without directory or extension.
 * @return bool false when the file does not exist, true after include_once().
 */
function load_mask($name) {
    /* Imported into function scope, presumably so the included file can read or fill them. */
    global $mask;
    global $jscode;
    $name = sanitise_filename($name);
    $file = $_SESSION['sys']['basedir'] . 'masks/' . $name . '.php';
    if (!file_exists($file)) return false;
    include_once($file);
    return true;
}

/**
 * Open the PostgreSQL connection described by the DBHOST, DBNAME, DBUSER and
 * DBPASS constants.
 *
 * The result of pg_connect() is neither checked nor returned; query_db()
 * calls pg_query() without a connection argument and so relies on the
 * default connection.
 *
 * NOTE(review): the values are placed into the connection string unquoted.
 * A password or other value containing a space, quote or backslash needs
 * quoting under the libpq connection-string rules. A failed connection is
 * also not reported to the caller.
 */
function connect_db() {
    $dsn = sprintf('host=%s dbname=%s user=%s password=%s',DBHOST,DBNAME,DBUSER,DBPASS);
    pg_connect($dsn);
}

/**
 * Run a SQL string with pg_query() and collect all rows.
 *
 * NOTE(review): $sql is executed exactly as given and there is no parameter
 * binding at this layer. Callers that put request data into the string are
 * responsible for escaping it. pg_query_params() would let values travel
 * separately from the statement text.
 *
 * @param string $sql Complete SQL statement.
 * @return array|false List of associative rows (possibly empty), or false
 *                     when pg_query() fails.
 */
function query_db($sql) {
    $sth = pg_query($sql);
    if ($sth === false) return false;
    $result = array();
    /* pg_fetch_assoc() returns false once the rows are exhausted, which ends the loop. */
    while ($row = pg_fetch_assoc($sth)) $result[] = $row;
    return $result;
}

/**
 * Build the page fragment that references the JavaScript files and inline code.
 *
 * NOTE(review): the two sprintf() format strings below appear to have lost
 * their HTML markup when this page was extracted. As shown, the first format
 * is empty and the second has unbalanced quotes. They presumably emitted
 * script tags; restore them from the original file before relying on this
 * listing.
 *
 * NOTE(review): no escaping of $file or $jscode is visible here. If either
 * can carry request-derived text, escape it for the output context.
 *
 * @param array $jsfiles Script file references, one output line each.
 * @param array $jscode  Inline code lines, joined with newlines when non-empty.
 * @return string The concatenated fragment.
 */
function load_js($jsfiles, $jscode) {
    $ret = '';
    foreach ($jsfiles as $file) $ret .= sprintf(''."\n", $file);
    if (!empty($jscode)) $ret .= sprintf('\n", implode("\n",$jscode));
    return $ret;
}

function process() {
    if (!empty($_GET['login'])) {
        require_once('lib/login.php');
        return mask_login();
    }
    if (!empty($_GET['mask'])) {
        require_once('lib/mask.php');
        return mask($_GET['mask']);
    }
    $ret = '
\n\$_SESSION = " . var_export($_SESSION,true) . "\n"; $html .= "\n\$_COOKIE = " . var_export($_COOKIE,true) . "\n\n"; $html .= $debug_info; $html .= '